[Snort-users] icmp

Ryan Russell ryan at ...35...
Wed Nov 14 16:09:02 EST 2001

On Thu, 15 Nov 2001, Peter VE wrote:

> My server (connected to the internet) has 2 NICs
> 1 NIC connected to cable modem
> 1 NIC connected to LAN
> server is running BlackICE
> I installed snort on this server (Win2K)
> should I let it listen on the internal interface, or on the external
> interface

Unless there is a worry about attack from an internal machine, to an
internal machine, all attacks would have to traverse the external
interface.  So, you should monitor the external interface.

> (but for some reason BlackICE doesn't work anymore... I guess
> snort is handling all traffic)...

I never tried to mix the two... it's possible you can only run one at a

